I'd agree and disagree, filtering the default isp provided dns server
for consumer and possibly small business, reasonable, not without some
issues, but reasonable. Comcast style filter servers and intercept all
dns headed to other dns servers and redirect them to your own servers
and make it difficult to disable, unreasonable, if people deliberately
choose to use different dns do NOT override that choice at an isp level
(corporate/business firewalls are a bit of a different story), offering
security filtered dns as a default isp provided server is a value add
for many non technical users, filtering beyond security or making it
difficult to use other dns servers is a detriment to users.
my view on small business's with static addresses are a little more
complex, they are more likely to be doing things the filtering might
break, but many of those things also are best done while running your
own recursive resolver, so it may not actually matter that much, but
definitely don't do a forced dns server via redirection of all dns
queries for such users, honestly don't ever do that as an ISP without
specific direct opt in, not opt in by not fighting with sales to remove
a line from an order, or other "opt-in" that isn't actually customer
initiated informed opt-in, I'm looking at you Comcast.
On 10/27/2023 5:20 PM, John Levine wrote:
It appears that Bryan Fields <br...@bryanfields.net> said:
-=-=-=-=-=-
-=-=-=-=-=-
On 10/27/23 7:49 AM, John Levine wrote:
But for obvious good reasons,
the vast majority of their customers don't
I'd argue that as a service provider deliberately messing with DNS is an
obvious bad thing. They're there to deliver packets.
For a network feeding a data center, sure. For a network like
Charter's which is feeding unsophisticated nontechnical users, they
need all the messing they can get.
If you're one of the small minority of retail users that knows enough
about the technology to pick your own resolver, go ahead. But it's
a reasonable default to keep malware out of Grandma's iPad.
R's,
John
